Remarks 

In response to various "would have been obvious to combine": 

Most strikingly, no prior art teaches a UI that is truly workable for an average professional, be it a 
medical, legal, non-technical, American or other professional. No prior art describes anything a 
medical doctor or nurse would look forward to be using. 

A recognized need without a solution: 

Whalen et al, in User Experiences with Sharing and Access Control, CHI 2006, April 22-27, 2006, 
Montreal, Quebec, Canada, ACM 1-59593-298-4/06/0004 describe how their research has identified 
needs and problems which have been addressed by the present invention (emphasis added): 

Information and resource sharing through networked technologies has become a central part of many people's 
lives. They share digital photos with their families, and project proposals with their colleagues. However, 
people often need to set limits on who can (or cannot) see or use a shared resource. This is traditionally the 
job of an access control system, such as those implemented by file permissions or access control lists. 

One active and growing area of research concerns people's problems with setting restrictions on who can and 
who cannot access digital content. Evidence suggests that configuring file permissions in access control 
systems difficulties is hard for users who often don't fully understand the underlying access model(s). 
Similarly, setting (or encountering) restrictions on file access can interrupt or interfere with the primary 
task at hand [2]. 

However, while a few studies have attempted to design better interfaces for existing access control systems 
[1,3, 4], there have been no systematic user studies of the basic access control models deployed in the vast 
majority of current systems - or, for that matter, the social control models that people are tacitly trying to 
apply in their particular activity contexts when they use these security mechanisms. In systems, the 
implemented models generally have tremendous expressive power, potentially leaving users awash in a sea of 
very fine-grained access control settings. Further, current systems often require users to manage these 
settings in isolation from any helpful application context. Finally, file permissions are often invisible once 
set, and default permission settings may be unknown. 

and 

Summary observations from the survey 

The survey results indicate that even in a highly technically competent group, with good technical support, 
problems arise regularly, leading to frustration and difficulty. We found little correlation between skill level 
and experience, although it was clear that technical competence led to improved understanding of the issues at 
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large. This undermines the myth that only users with little skill are stymied by issues of file access and 
restriction. Further, we note that users are well aware of the periodic need to access and to "keep tabs" on 
files, but this management and monitoring must be carried out in addition to the focused work that is 
taking place. Finally, we note that the workplace supports many different systems as a necessity - trying to 
force a single solution would severely affect the work. 

Non-obviousness: 

Ka-Ping Yee in User Interaction Design for Secure Systems mentions at least one obstacle, a cultural 
issue in the information technology community which has led to problematic lack of usabilty: 

Many designers habitually assume that improving security necessarily degrades usability, and vice versa; 
the decision of whether to favour one or the other is typically seen as a regrettable compromise. 

Solution depends on details of GUI: 

In Changing Lives Through Technology, ACM Ubiquity, Volume 5, Issue 6, April 7 - 13, 2004 David 
Nagel, Ph.D. (Nagel had been president of AT&T Labs, formerly Bell Labs, and the CTO at AT&T; 
prior Nagel had been head of Apple Computer's advanced technology group and senior VP; prior Nagel 
had been head of NASA human factors research at NASA's Ames Research Center; Nagel holds an MS 
in engineering and a Ph.D. in psychology) explains (emphasis added): 

The fundamental problem is that if the underlying system model incorporates abstractions that are difficult for 
normal human beings to understand, it's always, always going to behave in unpredictable and non- 
understandable ways to them. In general, it's harder to make such systems easy to use, and that's why good 
human factors must be reflected in every aspect of a design, from the fundamental architecture of the system 
through to the implementation of the exact way you draw the graphics on the screen and the exact way you 
support interaction with the screen via tapping and talking and anything else you might do. There are some 
spectacularly good examples of human factors design, and there are equally spectacular examples of failures. 

Non-obviousness: 

On 2005-09-06 Nagel (a human factors expert and generalist who had headed two of the premier 
research organizations in information technology) wrote in an email to Applicant (unabridged 1st 
paragraph, emphasis added): 

Thanks for the summary - and I agree that the human factors of security (including access control - which 
may reflect the worst human factors practices in the industry - "access denied" or "you don't have authority to 
access that information", etc.) is one of the great unsolved problems in software. 

In that context, Applicant respectfully asks Examiner to drop arguments of obviousness. 
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In response to action items 3, 4, 5 and 6: 



The original disclosure specification discusses "display space" in paragraphs [0027], [0128], [0130], 
[0176]-[0177] and [0181], "screen size" in paragraphs [0027] and how they relate to one another. The 
original disclosure specification has over 40 mentions of "display region". The original disclosure 
discusses a "screen" in paragraphs [0027], [0031] and [0088]. One of ordinary skill in the art would 
understand that a screen or a display must be visually perceptible by an observer. The terminology 
"visual display unit" to one of ordinary skill in the art is founded on Applicant's discussion of display 
space and a screen, that a screen is understood to display something to an observer visually. 

Therefore, insertion of language about "visual display unit" from the amendment into the specification 
is merely a clarification. 

In response to action items 7, 8 and 18: 

The following is a quotation of the second paragraph of MPEP 21 1 1.02 Effect of Preamble [R-3]: 

"[A] claim preamble has the import that the claim as a whole suggests for it." Bell Communications Research, 
Inc. v. Vitalink Communications Corp., 55 F.3d 615, 620, 34 USPQ2d 1816, 1820 (Fed. Cir. 1995). "If the 
claim preamble, when read in the context of the entire claim, recites limitations of the claim, or, if the claim 
preamble is 'necessary to give life, meaning, and vitality' to the claim, then the claim preamble should be 
construed as if in the balance of the claim." Pitney Bowes, Inc. v. Hewlett-Packard Co., 182F.3d 1298, 1305, 
51 USPQ2d 1161, 1165-66 (Fed. Cir. 1999). See also Jansen v. Rexall Sundown, Inc., 342 F.3d 1329, 1333, 
68 USPQ2d 1 154, 1 158 (Fed. Cir. 2003)(In considering the effect of the preamble in a claim directed to a 
method of treating or preventing pernicious anemia in humans by administering a certain vitamin preparation 
to "a human in need thereof," the court held that the claims' recitation of a patient or a human "in need" gives 
life and meaning to the preamble's statement of purpose.). Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478, 
48 1 (CCPA 195 1) (A preamble reciting "An abrasive article" was deemed essential to point out the invention 
defined by claims to an article comprising abrasive grains and a hardened binder and the process of making it. 
The court stated "it is only by that phrase that it can be known that the subject matter defined by the claims is 
comprised as an abrasive article. Every union of substances capable inter alia of use as abrasive grains and a 
binder is not an 'abrasive article.'" Therefore, the preamble served to further define the structure of the article 
produced.). 

Applicant considers the visual display unit recited in the preamble to be a claim limitation. 

As claims 1 and 10 are limited to a visual display unit, that is to a machine, claims 1 and 10 don't cover 
software per se. Claims 1 and 10 don't cover any non-statutory embodiment at all. 
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In addition to the above, even as the preferred embodiment of the claimed invention is disclosed as 
being implemented by software, nevertheless the claimed invention is not limited thereto. The present 
invention could equally well be implemented in hardware, including but not limited to discrete logic, 
field programmable gate arrays or other similar means well known in the art. 

In response to action items 10, 12, 13, 14 and 15: 

Applicant represents that rejections based on the Barkley reference "(col. 13, lines 19-60; Figs. 2, 4, 
and 5; file name and file path are displayed on Role/Group Permission view)" are improper, as Barkley 
discloses only file name and file path are displayed. The Barkley disclosure misses the very "one or 
more display regions for normal size, legibly scaled, unabridged representation of the content of 
the resource" of claim 1 . 

The ability for a (possibly non-technical) professional operator to concurrently see and to concurrently 
operate on the content of a digital document as well as on its access control settings is an essential 
innovation of the present invention, with benefits in resulting correctness and productivity. 

To illustrate the difference: If a directory path would be 

/documents/ 
and a file name would be 

newengine.doc 
then, in contrast, content could be 

New Design of Internal Computation Engine 

After more than two dozen years of development we have developed mathematical proof that engines can run 
on numerical computation alone. This document is intended to describe how to turn that theory into a 
deliverable product by the end of the decade. 

Before going into details we would like to include a transcription of the Bill of Rights (Constitutional 
Amendments 1-10) of the United States, as found at NARA (National Archives & Records Administration). 

In response to action items 16 and 17: 

Firstly, and sufficient as an argument in itself, Hildebrand doesn't mention any log information. 
Therefore, a rejection based on "Hildebrand teaches a graphical user interface for representing access 
log information...'" must be improper. 
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Secondly, Hildebrand Fig. 2C.1 isn't a graphical user interface, but it is a technical illustration of a data 
structure, described in para. 102. Fig. 2C.1 is neither appropriate to be in a user interface nor does 
Hildebrand teach its use in user interface. 

Thirdly, if one starts from reading Hildebrand para. 108, and then glances at Hildebrand Fig. 2D it 
could be supposed as representing access rules for a specific document. Closer inspection and a number 
of details however reveal Fig. 2D appears to define membership in "Group B" and rights of "Group B". 
In addition to "Add" and "Delete" buttons to shuttle users between "Group to pickup users" and 
"Group to setup" there are check boxes for "Default rights for files in this group". The title of the user 
interface in Fig. 2D is "AdmGrp", apparently as in "Administrating Group". One could consider Fig. 
2D and para. 0108 lacking a level of clarity required for teaching. 

Hildebrand para. 0108 appears to say when a user is ready to save a document then he can define new 
access rules for the directory, with Fig. 2D implying the necessity of definition of a new group. Within 
that group, all users are subject to the same rules. 

Hildebrand Fig. 2D misses for each of the individual users to have a different visual element 
indicating if the user has write privilege for a specific document, a limitation of claim 10. 

The present invention in at least two dimensions exceeds Hildebrand's teaching: 1) Better resolution in 
showing access control settings per document, not only per directory, and 2) better resolution in 
showing write versus read privilege per user, not only per group. 

Fourthly, Hildebrand Fig. 5B.1 doesn't show users privileges for a specific document. Para. 135 
explains Fig. 5B.1 shows privileges for any secured documents, and it mentions levels for various 
active folders, storage locations, users or group of users. There is no hint at user interface for a specific 
document. Prior art lacks general usability because it lacks focus on a specific document. 

Fifthly, the marginal, even substandard quality of Hildebrand's user interface disqualifies it from being 
conducive to significant improvement being built on it. 

Sixthly, Sekiguchi user interface displays alarms only. Examples of Sekiguchi user interface, rather 
than internal workings, are in Sekiguchi Figs. 15 and 16. In appearance and workings Sekiguchi 
significantly differs from the present invention. Sekiguchi doesn't give an operator the information the 
present invention does, not the same information, let alone in the same context. 

In response to action item 20a: 
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The following is a quotation of the second paragraph of MPEP 21 1 1.02 Effect of Preamble [R-3]: 

"[A] claim preamble has the import that the claim as a whole suggests for it." Bell Communications Research, 
Inc. v. Vitalink Communications Corp., 55 F.3d 615, 620, 34 USPQ2d 1816, 1820 (Fed. Cir. 1995). "If the 
claim preamble, when read in the context of the entire claim, recites limitations of the claim, or, if the claim 
preamble is 'necessary to give life, meaning, and vitality' to the claim, then the claim preamble should be 
construed as if in the balance of the claim." Pitney Bowes, Inc. v. Hewlett-Packard Co., 182F.3d 1298, 1305, 
51 USPQ2d 1161, 1165-66 (Fed. Cir. 1999). See also Jansen v. Rexall Sundown, Inc., 342 F.3d 1329, 1333, 
68 USPQ2d 1 154, 1 158 (Fed. Cir. 2003)(In considering the effect of the preamble in a claim directed to a 
method of treating or preventing pernicious anemia in humans by administering a certain vitamin preparation 
to "a human in need thereof," the court held that the claims' recitation of a patient or a human "in need" gives 
life and meaning to the preamble's statement of purpose.). Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478, 
48 1 (CCPA 195 1) (A preamble reciting "An abrasive article" was deemed essential to point out the invention 
defined by claims to an article comprising abrasive grains and a hardened binder and the process of making it. 
The court stated "it is only by that phrase that it can be known that the subject matter defined by the claims is 
comprised as an abrasive article. Every union of substances capable inter alia of use as abrasive grains and a 
binder is not an 'abrasive article.'" Therefore, the preamble seived to further define the structure of the article 
produced.). 

Applicant considers the limitation to "a single specific predetermined resource" recited in the preamble 
to be a claim limitation. 

To clarify, Applicant has amended claim 10 from "a resource" to "a single specific predetermined 
resource". 

The original disclosure and the present invention have been and are about access control for a single 
specific predetermined document. 

The original disclosure and the present invention have been and are about distinctly reviewing access 
per single specific predetermined document. 

Figure 9 of the present disclosure shows a moment in the user interface of an implementation of the 
present invention. For a given URL 400 the Web browser shows a familiar representation 401 of the 
document. Adjoining there is an region 410 with a representation of the effective access control settings 
for the document. User Lee 411 has write privilege, as indicated by a green pencil next to the user's id. 
Group Marketing 412 has read privilege. User Rolf 413 has read privilege. Further adjoining there is a 
comprehensive representation of log information for the document, one row per user showing carefully 
defined compiled log information including user identity 420, a row's user's most recent write access 
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430 to the document and a row's user's most recent read access 440 to the document, for each 
individual user. 

In response to action item 20b: 

If Sekiguchi Fig. 9 were relevant as user interface (but it is an illustration of a section of a file, log, 
stream or data only) it would be an example of information presented in a way that isn't fit for fast and 
effective work by a non-technical user who is legally responsible for correctly handling access control 
to documents while under pressure to perform more work in less time. 

The carefully defined compiled log information of the present invention is essential for usability. Not 
only for human comprehension, but also to fit into display space. 

Figure 9 of the present disclosure shows a moment in the user interface of an implementation of the 
present invention. For a given URL 400 the Web browser shows a familiar representation 401 of the 
document. Adjoining there is an region 410 with a representation of the effective access control settings 
for the document. User Lee 411 has write privilege, as indicated by a green pencil next to the user's id. 
Group Marketing 412 has read privilege. User Rolf 413 has read privilege. Further adjoining there is a 
comprehensive representation of log information for the document, one row per user showing carefully 
defined compiled log information including user identity 420, a row's user's most recent write access 
430 to the document and a row's user's most recent read access 440 to the document, for each 
individual user. 

In response to action item 20c: 

Sekiguchi teaches algorithms searching for patterns. Examination has shown Sekiguchi patterns to be 
different than the present invention's. Patterns being different or not, different than the present 
invention, Sekiguchi doesn't teach showing essential information in user interface. 

In response to action item 20d: 

To clarify, Applicant has amended claim 10 from "a resource" to "a single specific predetermined 
resource". 

Sekiguchi doesn't show the present invention's carefully defined compiled log information for a single 
specific predetermined document. 
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Skeiguchi doesn't teach the present invention's user interface or comprehensibility of access log 
information for a non-technical user. 

The present invention specifically teaches those, in order to solve an information security, access 
control usability problem. 

Conclusion 

Applicant respectfully solicits consideration of his arguments herein, and allowance of the remaining, 
now further restricted, pending claims. 
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Respectfully submitted, 
/Leo Baschy/ 
Leo Baschy 
Applicant Pro Se 

Date 2009-11-09 
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